Microsoft 365
Microsoft 365 users hit by random product deactivation errors
Microsoft is investigating a known issue triggering “Product Deactivated” errors for customers using Microsoft 365 Office apps. According to online user reports on Reddit and Microsoft’s own community website, affected users randomly received these “Product Deactivated” errors in Office apps, prompting confusion and disruptions. As Redmond explained in a support document published on Thursday, these problems stem from licensing changes initiated by […]
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of required secure configuration baselines (SCBs). While CISA has only finalized the SCBs for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to […]
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours ago, Downdetector has received user reports complaining about problems connecting to Outlook, OneDrive, and other Office 365 apps and services. Affected customers see “We’re experiencing a service outage. All of your open […]
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named ‘Rockstar 2FA’ has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies. These attacks work by directing victims to a fake login page that mimics Microsoft […]
Microsoft 365 Admin portal abused to send sextortion emails
The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the messages appear trustworthy and bypassing email security platforms. Sextortion emails are scams claiming that your computer or mobile device was hacked to steal images or videos of you performing sexual acts. The scammers then demand from you a payment of $500 […]
Microsoft Outlook bug blocks email logins, causes app crashes
Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accounts. While the company said these ongoing issues only affect European customers, users worldwide have since reported experiencing the same sign-in and app instability problems. “We’re investigating an issue in which users in Europe may be experiencing crashing, not […]
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for […]
Microsoft Office 2024 now available for Windows and macOS users
Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. Office 2024 includes updated, locked-in-time versions of Word, Excel, PowerPoint, OneNote, and Outlook for Windows and macOS systems. It also requires a Microsoft account and an internet connection (likely needed during the installation and for […]
Microsoft Defender adds detection of unsecure Wi-Fi networks
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they’re connected to unsecured Wi-Fi networks. The Defender privacy protection feature (also known as Defender VPN) protects your privacy and security when connected to public Wi-Fi or an untrusted network, where your data and identity could be exposed […]
Microsoft Sway abused in massive QR code phishing campaign
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing […]